<?php

//数据过滤函数库
/*
  功能：用来过滤字符串和字符串数组，防止被挂马和sql注入
  参数$data，待过滤的字符串或字符串数组，
  $ignore_magic_quotes为true，忽略get_magic_quotes_gpc
 */
function in ( $data, $ignore_magic_quotes=false )
{
	if ( is_string ( $data ) )
	{
		$data = trim ( htmlspecialchars ( $data ) ); //防止被挂马，跨站攻击
		if ( ($ignore_magic_quotes == true) || (!get_magic_quotes_gpc ()) )
		{
			$data = addslashes ( $data ); //防止sql注入
		}
		return $data;
	}
	else if ( is_array ( $data ) )//如果是数组采用递归过滤
	{
		foreach ( $data as $key => $value )
		{
			$data[ $key ] = in ( $value );
		}
		return $data;
	}
	else
	{
		return $data;
	}
}

//用来还原字符串和字符串数组，把已经转义的字符还原回来
function out ( $data )
{
	if ( is_string ( $data ) )
	{
		return $data = stripslashes ( $data );
	}
	else if ( is_array ( $data ) )//如果是数组采用递归过滤
	{
		foreach ( $data as $key => $value )
		{
			$data[ $key ] = out ( $value );
		}
		return $data;
	}
	else
	{
		return $data;
	}
}

//文本输入
function text_in ( $str )
{
	$str = strip_tags ( $str, '<br>' );
	$str = str_replace ( " ", "&nbsp;", $str );
	$str = str_replace ( "\r", "", $str );
	$str = str_replace ( "\n", "<br>", $str );
	if ( !get_magic_quotes_gpc () )
	{
		$str = addslashes ( $str );
	}
	return $str;
}

//文本输出
function text_out ( $str )
{
	$str = str_replace ( "&nbsp;", " ", $str );
	$str = str_replace ( "<br>", "\n", $str );
	$str = stripslashes ( $str );
	return $str;
}

//html代码输入
function html_in ( $str )
{
	$search = array ( "'<script[^>]*?>.*?</script>'si", // 去掉 javascript
		"'<iframe[^>]*?>.*?</iframe>'si", // 去掉iframe
	);
	$replace = array ( "",
		"",
	);
	$str = @preg_replace ( $search, $replace, $str );
	$str = htmlspecialchars ( $str );
	if ( !get_magic_quotes_gpc () )
	{
		$str = addslashes ( $str );
	}
	return $str;
}

//html代码输出
function html_out ( $str )
{
	if ( function_exists ( 'htmlspecialchars_decode' ) )
		$str = htmlspecialchars_decode ( $str );
	else
		$str=html_entity_decode ( $str );

	$str = stripslashes ( $str );
	return $str;
}

?>